funzione addslashes()

[gianna]

Salve a tutti, ho un problema. Mi hanno costruito un'interfaccia gestionale dove inserire immagine, titolo, testo e altre immagini.
Quando digito un testo nel box testo se ci sono apostrofi il gestionale non invia i dati al DB.

Ipotizzo che la stringa addslashes() debba essere inserita nel form di invio, ma non so ne dove e ne come.
Mi aiutereste?! GRAZIE
Vi invio il codice:


<?
include_once ('conn.php');

function resize2 ($picture,$max) {
$src_img=ImagecreateFromJpeg($picture);

$oh = imagesy($src_img); # original height
$ow = imagesx($src_img); # original width

$new_h = $oh;
$new_w = $ow;

if($oh > $max || $ow > $max){
$r = $oh/$ow;
$new_h = ($oh > $ow) ? $max : $max*$r;
$new_w = $new_h/$r;
}
// note TrueColor does 256 and not.. 8
$dst_img = ImageCreateTrueColor($new_w,$new_h);

ImageCopyResized($dst_img, $src_img, 0,0,0,0, $new_w, $new_h, ImageSX($src_img), ImageSY($src_img));

ImageJpeg($dst_img, $picture);
}
$datazza = gmdate("Y-m-d");
if ($act == 'invia') {
if (($titolo) && ($testo)) {
//********************************** prima immagine ****************************
$image = $_FILES["img"]["tmp_name"];
resize2 ($image , 70);
$imgsiz = getimagesize($_FILES["img"]["tmp_name"]);
$width = $imgsiz[0];
$height = $imgsiz[1];
$type = $_FILES["img"]["type"];
$data1 = @addslashes(@fread(@fopen($_FILES["img"]["tmp_name"], "rb"), $_FILES["img"]["size"]));
//************************RIDIMENSIONA IMG 2 ****************************
$image2 = $_FILES["img2"]["tmp_name"];
resize2 ($image2 , 200);
$imgsiz = getimagesize($_FILES["img2"]["tmp_name"]);
$width2 = $imgsiz[0];
$height2 = $imgsiz[1];
$type2 = $_FILES["img2"]["type"];
$data2 = @addslashes(@fread(@fopen($_FILES["img2"]["tmp_name"], "rb"), $_FILES["img2"]["size"]));
//************************RIDIMENSIONA IMG 3 ****************************
$image3 = $_FILES["img3"]["tmp_name"];
resize2 ($image3 , 200);
$imgsiz = getimagesize($_FILES["img3"]["tmp_name"]);
$width3 = $imgsiz[0];
$height3 = $imgsiz[1];
$type3 = $_FILES["img3"]["type"];
$data3 = @addslashes(@fread(@fopen($_FILES["img3"]["tmp_name"], "rb"), $_FILES["img3"]["size"]));
//************************RIDIMENSIONA IMG 4 ****************************
$image4 = $_FILES["img4"]["tmp_name"];
resize2 ($image4 , 200);
$imgsiz = getimagesize($_FILES["img4"]["tmp_name"]);
$width4 = $imgsiz[0];
$height4 = $imgsiz[1];
$type4 = $_FILES["img4"]["type"];
$data4 = @addslashes(@fread(@fopen($_FILES["img4"]["tmp_name"], "rb"), $_FILES["img4"]["size"]));

$query = "INSERT INTO news VALUES (NULL, '$titolo', '$testo', '$data1', '$width', '$height', '$type', '$data', '$data2', '$width2', '$height2', '$type2', '$data3', '$width3', '$height3', '$type3', '$data4', '$width4', '$height4', '$type4')";
mysql_query ($query)or die("Function Error: ".mysql_error());
header ("location: news.php");

}
}

@include_once("inctop.php");
?>
<style type="text/css">
<!--
/* BEGIN Advanced HTML Editor */
.dmx_btn { width: 22px; height: 22px; border: 1px solid #F2F5FA; margin: 0; padding: 0; background-color: #F2F5FA; }
.dmx_btnOver { width: 22px; height: 22px; border: 1px outset #C4D2E8; background-color: #C4D2E8; }
.dmx_btnDown { width: 22px; height: 22px; border: 1px inset #C4D2E8; background-color: #C4D2E8; }
.dmx_btnNA { width: 22px; height: 22px; border: 1px solid #F2F5FA; background-color: #F2F5FA; filter: alpha(opacity=25); }
.dmx_menuBar { background-color:#F2F5FA; }
/* END Advanced HTML Editor */
-->
</style>
<script language="javascript">
<!--
/* BEGIN Advanced HTML Editor */
var BaseURL = "../";
/* END Advanced HTML Editor */
//-->
</script>
<script language="JavaScript" src="../ScriptLibrary/AdvHTMLEdit.js"></script>
<script language="JavaScript" src="../ScriptLibrary/AdvHTMLLang.js"></script>
<table width="750" border="0" align="center" cellpadding="2" cellspacing="0" bgcolor="#FFFFFF">
<tr>
<td height="30" colspan="2" align="center" class="tit">AGGIUNGI NEWS </td>
</tr>
<form name="form1" action="news_add.php?act=invia" enctype="multipart/form-data" method="post">
<tr>
<td width="124">Immagine centrale </td>
<td width="618"><input name="img" type="file" class="input" style='width: 220px;'></td>
</tr>
<tr>
<td>Titolo</td>
<td><input name="titolo" type="text" class="input" id="titolo" style='width: 220px;'></td>
</tr>
<tr>
<td>Data</td>
<td><input name="data" type="text" class="input" id="data" value="<? echo $datazza ?>" style='width: 220px;'></td>
</tr>
<tr>
<td>Testo</td>
<td><textarea dmxedit="true" name="testo" config="language:it"></textarea></td>
</tr>
<tr>
<td>Altra immagine 1 </td>
<td><input name="img2" type="file" class="input" style='width: 220px;'></td>
</tr>
<tr>
<td>Altra immagine 2 </td>
<td><input name="img3" type="file" class="input" style='width: 220px;'></td>
</tr>
<tr>
<td>Altra immagine 3 </td>
<td><input name="img4" type="file" class="input" style='width: 220px;'></td>
</tr>
<tr>
<td colspan="2"><div align="center">
<input name="Submit" type="submit" class="input" value="Invia">
</div></td>
</tr></form>
</table>

[ade_v]

....
$titolo=addslashes($titolo);
$testo =addslashes($testo);

$query = "INSERT INTO news VALUES (NULL, '$titolo', '$testo', '$data1', '$width', '$height', '$type', '$data', '$data2', '$width2', '$height2', '$type2', '$data3', '$width3', '$height3', '$type3', '$data4', '$width4', '$height4', '$type4')";
mysql_query ($query)or die("Function Error: ".mysql_error());
header ("location: news.php");
....

[gianna]

Grazie grazie tanto, un ultimo aiuto, lo devo inserire anche nel file che modifica le notizie inserite. GRAZIE.

Il codice è questo:


<?
include_once ('conn.php');
function resize2 ($picture,$max) {
$src_img=ImagecreateFromJpeg($picture);

$oh = imagesy($src_img); # original height
$ow = imagesx($src_img); # original width

$new_h = $oh;
$new_w = $ow;

if($oh > $max || $ow > $max){
$r = $oh/$ow;
$new_h = ($oh > $ow) ? $max : $max*$r;
$new_w = $new_h/$r;
}
// note TrueColor does 256 and not.. 8
$dst_img = ImageCreateTrueColor($new_w,$new_h);

ImageCopyResized($dst_img, $src_img, 0,0,0,0, $new_w, $new_h, ImageSX($src_img), ImageSY($src_img));

ImageJpeg($dst_img, $picture);
}



if ($idc) {
if (mysql_query("DELETE FROM news WHERE ID = '$idc' LIMIT 1")) header ("location: news.php");
}


if ($act == 'mod') {
if (($titolo) && ($testo)) {
$query = "UPDATE news SET titolo = '$titolo' , testo = '$testo' , data = '$data' ";
if (($img != 'none') && ($img != "")) {
$image = $_FILES["img"]["tmp_name"];
resize2 ($image , 70);
$data1 = @addslashes(@fread(@fopen($_FILES["img"]["tmp_name"], "rb"), $_FILES["img"]["size"]));
$imgsiz = getimagesize($_FILES["img"]["tmp_name"]);
$width = $imgsiz[0];
$height = $imgsiz[1];
$type = $_FILES["img"]["type"];
$query .= ", foto = '$data1', foto_w = '$width', foto_h = '$height', foto_type = '$type' ";
}

if (($img2 != 'none') && ($img2 != "")) {
$image2 = $_FILES["img2"]["tmp_name"];
resize2 ($image2 , 200);
$data2 = @addslashes(@fread(@fopen($_FILES["img2"]["tmp_name"], "rb"), $_FILES["img2"]["size"]));
$imgsiz = getimagesize($_FILES["img2"]["tmp_name"]);
$width2 = $imgsiz[0];
$height2 = $imgsiz[1];
$type2 = $_FILES["img"]["type"];
$query .= ", aimg1 = '$data2', aimg1_w = '$width2', aimg1_h = '$height2', aimg1_type = '$type2' ";
}

if (($img3 != 'none') && ($img3 != "")) {
$image3 = $_FILES["img3"]["tmp_name"];
resize2 ($image3 , 200);
$data3 = @addslashes(@fread(@fopen($_FILES["img3"]["tmp_name"], "rb"), $_FILES["img3"]["size"]));
$imgsiz = getimagesize($_FILES["img3"]["tmp_name"]);
$width3 = $imgsiz[0];
$height3 = $imgsiz[1];
$type3 = $_FILES["img3"]["type"];
$query .= ", aimg2 = '$data3', aimg2_w = '$width3', aimg2_h = '$height3', aimg2_type = '$type3' ";
}

if (($img4 != 'none') && ($img4 != "")) {
$image4 = $_FILES["img4"]["tmp_name"];
resize2 ($image4 , 200);
$data4 = @addslashes(@fread(@fopen($_FILES["img4"]["tmp_name"], "rb"), $_FILES["img4"]["size"]));
$imgsiz = getimagesize($_FILES["img4"]["tmp_name"]);
$width4 = $imgsiz[0];
$height4 = $imgsiz[1];
$type4 = $_FILES["img4"]["type"];
$query .= ", aimg3 = '$data4', aimg3_w = '$width4', aimg3_h = '$height4', aimg3_type = '$type4' ";
}
$query .= " WHERE ID = '$id'";
if (@mysql_query ($query)) @header ("location: news.php");
}
}

$query = "SELECT * FROM news WHERE ID = '$id'";
$res = mysql_query($query);
$db_data = mysql_fetch_row($res);
$id_news = $db_data[0];
$titolo = $db_data[1];
$testo = $db_data[2];
$datazza = $db_data[7];

if (($db_data[8] != 'none') && ($db_data[8] != '')) {
$imma2 = "[img]imageview.php?id=$id_news&tab=news&num=8[/img]";
}
if (($db_data[12] != 'none') && ($db_data[12] != '')) {
$imma3 = "[img]imageview.php?id=$id_news&tab=news&num=12[/img]";
}
if (($db_data[16] != 'none') && ($db_data[16] != '')) {
$imma4 = "[img]imageview.php?id=$id_news&tab=news&num=16[/img]";
}
@include_once ("inctop.php");
?>
<table width="750" border="0" align="center" cellpadding="2" cellspacing="0" bgcolor="#FFFFFF">
<tr>
<td height="30" colspan="2" align="center" class="tit">AGGIUNGI NEWS </td>
</tr>
<form name="form1" action="news_mod.php?act=mod" enctype="multipart/form-data" method="post">
<tr>
<td width="124">Immagine centrale </td>
<td width="618" valign="middle"><input name="img" type="file" class="input" style='width: 220px;'>
<? echo "[img]imageview.php?id=$id_news&tab=news&num=3[/img]"; ?> </td>
</tr>
<tr>
<td>Titolo</td>
<td><input name="titolo" type="text" class="input" id="titolo" style='width: 220px;' value="<? echo $titolo ?>"></td>
</tr>
<tr>
<td>Data</td>
<td><input name="data" type="text" class="input" id="data" value="<? echo $datazza ?>" style='width: 220px;'></td>
</tr>
<tr>
<td height="25" class="orange">* Suggerimento:</td>
<td height="25"><span class="orange">Per andare a capo con una sola interlinea premere</span> SHIFT + INVIO <span class="orange">invece di solo INVIO</span></td>
</tr>
<tr>
<td>Testo</td>
<td><textarea dmxedit="true" name="testo"><? echo $testo ?></textarea></td>
</tr>
<tr>
<td>Altra immagine 1 </td>
<td><input name="img2" type="file" class="input" style='width: 220px;'>

<? if ($imma2 != '') echo $imma2; ?></td>
</tr>
<tr>
<td>Altra immagine 2 </td>
<td><input name="img3" type="file" class="input" style='width: 220px;'>

<? if ($imma3 != '') echo $imma3; ?></td>
</tr>
<tr>
<td>Altra immagine 3 </td>
<td><input name="img4" type="file" class="input" style='width: 220px;'>

<? if ($imma4 != '') echo $imma4; ?></td>
</tr>
<tr>
<td colspan="2"><div align="center">
<input name="id" type="hidden" value="<? echo $id ?>">
<input name="Submit" type="submit" class="input" value="Modifica">
</div></td>
</tr>
</form>
</table>




<style type="text/css">
<!--
/* BEGIN Advanced HTML Editor */
.dmx_btn { width: 22px; height: 22px; border: 1px solid #ECE9D8; margin: 0; padding: 0; background-color: #ECE9D8; }
.dmx_btnOver { width: 22px; height: 22px; border: 1px outset; background-color: #FCF9E8; }
.dmx_btnDown { width: 22px; height: 22px; border: 1px inset; background-color: #FCF9E8; }
.dmx_btnNA { width: 22px; height: 22px; border: 1px solid #ECE9D8; filter: alpha(opacity=25); }
.dmx_menuBar { background-color: #ECE9D8; }
/* END Advanced HTML Editor */
-->
</style>
<script language="javascript">
<!--
/* BEGIN Advanced HTML Editor */
var BaseURL = "../";
/* END Advanced HTML Editor */
//-->
</script>
<script language="JavaScript" src="../ScriptLibrary/AdvHTMLEdit.js"></script>
<script language="JavaScript" src="../ScriptLibrary/AdvHTMLLang.js"></script>

[ade_v]

....
$titolo=addslashes($titolo);
$testo =addslashes($testo);

$query = "UPDATE news SET titolo = '$titolo' , testo = '$testo' , data = '$data' ";

.....

[gianna]

INFINITAMENTE GRATA.